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[Name of Document] Specification 
[Title of the Invention] 

METHOD AND APPARATUS FOR ATTACHING 
ELECTRONIC SIGNATURE TO DOCUMENT HAVING STRUCTURE 
[Claims] 

[Claim 1] An electronic signature method comprising 

the steps of : 

analyzing a target document to generate a 
representation having a structure; 

generating an electronic signature from each of the 
generated structural elements; and 

concatenating the generated electronic signatures 
into a single signature corresponding to the structure, 

[Claim 2] An electronic signature method according to 

claim 1, further comprising the step of setting a level of 
structural elements of the document, whereby precision of 
reliability judgment of a document with an electronic 
signature can be varied. 

[Claim 3] An electronic signature method according to 

claim 1 or 2, wherein a rate of coincidence between the 
target document and the target document with an electronic 
signature is found from a rate of structural elements 
having authenticated electronic signatures to the whole 
structure. 

[Claim 4] A method according to claim 1, 2 or 3, 

wherein said concatenating step includes putting the 
generated electronic signatures in a row. 

[Claim 5] An electronic signature apparatus 
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comprising: 

means for analyzing a target document to generate a 
representation having a structure; 

means for generating an electronic signature from 
each of the structural elements; and 

means for concatenating the generated electronic 
signatures into a single signature corresponding to the 
structure. 

[Claim 6] An electronic signature apparatus according 

to claim 5, wherein a level of structural elements of the 
document can be set by said means for generating an 
electronic signature, whereby precision of reliability 
judgement of a document with an electronic signature can be 
varied . 

[Claim 7] An electronic signature apparatus according 

to claim 5 or 6, wherein said means for concatenating puts 
the generated electronic signatures in a row. 

[Claim 8] An electronic signature apparatus according 

to claim 5, 6 or 7, further comprising: 

means for analyzing the structure of the target 
document ; and 

means for analyzing each of the electronic signatures 
of the structural elements of the target document to verify 
the target document having the generated electronic 
signature. 

[Claim 9] An electronic signature apparatus according 

to claim 8, wherein said means for analyzing the electronic 
signature determine a rate of coincidence between the 
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target document and the target document with an electrical 
signature from a rate of structural elements having 
authenticated electronic signatures to the whole structure. 

[Claim 10] An electronic signature apparatus 
comprising : 

an electronic signature generator including: 

means for analyzing a target document to generate a 
representation having a structure; 

means for generating an electronic signature from 
each of the generated structural elements; and 

means for concatenating the generated electronic 
signatures into a single signature corresponding to the 
structure; and 

an electronic signature analyzer including: 

means for analyzing a structure of the target 
document having the generated electronic signature; and 

means for analyzing the added electronic signatures. 
[Detailed Description of the Invention] 
[0001] 

[Field of the Invention] 

The present invention relates to electronic signature 
(digital signature) technology utilized to ensure 
authenticity of an electronic file, and more particularly, 
to electronic signature technology applied to an electronic 
file which contains a document having a structure. 
[0002] 
[ Prior Art ] 

Electronic signature technology utilizes 
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cryptographic technology to certify that the contents of an 
electronic file have not been modified after an electronic 
signature was attached to the file. More specifically, for 
example, an electronic file or its digest is encrypted, and 
its encrypted value is sent together with the original 
electronic file to a recipient, who decrypts the encrypted 
value to see that the decrypted value is equal to the 
original electronic file or its digest, whereby it is 
certified that the contents of the original electronic file 
have not been modified. 
[0003] 

Although the aforementioned conventional electronic 
signature technology can verify content equivalence between 
an electronic file and its encrypted electronic file, it 
cannot be used to verify document structure equivalence 
between files when the files contain a document having a 
structure . 
[0004] 

Therefore, where there is document structure 
equivalence between electronic files although the 
electronic files are not equivalent to each other in terms 
of contents, the conventional technology can only verify 
that the contents of the electronic files do not match. 
[0005] 

Further, as the conventional technology can describe 
only two kinds of states, i.e., equivalent or not 
equivalent, there is no way of knowing exactly which part 
of a document structure is different between files and how 
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different they are, etc. when it transpires that the files 
are not equivalent . 
[0006] 

[Object of the Invention] 

In view of the situation as mentioned above, it is an 
object of the present invention to provide electronic 
signature technology to be applied to an electronic file 
containing a document having a structure, according to 
which a level of equivalence such as electronic file 
equivalence, document structure equivalence, document 
structure partial equivalence, etc. can be evaluated. 
[0007] 

[Means for Solving the Problems] 

To achieve the above object, the present invention 
provides a method and apparatus for attaching an electronic 
signature to an electronic file containing a document 
having a structure, wherein a signature is generated from 
each structural element of a target document . 
[0008] 

According to the electronic signature method of the 
present invention, first, a target document is analyzed to 
generate a representation having a structure and then, a 
signature is generated from each of the generated 
structural elements and the thus generated signatures 
(ciphers) are concatenated to form a single signature 
corresponding to the structure. A method of generating 
ciphers from each structural element does not have to be 
limited to any particular method, and any common cipher 
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generation method may be employed. 
[0009] 

Further, according to the electronic signature method 
of the present invention, an electronic file with a 
generated electronic signature is verified and depending on 
a processing request, at least (1) electronic file 
equivalence, (2) document structure equivalence and (3) a 
coincidence rate between electronic files are found from 
the contents of the signature. 
[0010] 

The electronic signature apparatus according to the 
present invention comprises electronic signature generator 
11 and electronic signature analyzer 12, as illustrated in 
Fig. 1. The electronic signature generator 11 comprises 
parser unit 14 for analyzing target document 13 to generate 
a representation having a structure; cipher generator unit 
15 for generating a signature from each of structural 
elements generated by the parser unit 14; and signature 
generator unit 16 for concatenating the generated 
signatures (ciphers) into a single signature corresponding 
to the structure of the document. 
[0011] 

The electronic signature analyzer 12 similarly 
comprises parser unit 18 and signature analyzer unit 19 in 
order to verify electronic file 17 having a generated 
electronic signature. The signature analyzer unit 19 has 
at least three functions to perform in response to a 
request 20 for processing, i.e. (1) function 21 of 
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verifying electronic file equivalence ; (2) function 22 of 
verifying document structure equivalence ; and (3) function 
23 of deriving a coincidence rate. 
[0012] 
[Embodiment ] 

First, reference is made to a "document having a 
structure", which constitutes a subject of a method and 
apparatus of the present invention. A normal document 
consists of chapters, sections and paragraphs, which may be 
diagrammatically represented as a tree structure as 
illustrated in Fig. 2. The electronic signature method and 
apparatus according to the present invention are directed 
to an electronic file containing a document that can be 
represented in the form of such a tree structure. 
[0013] 

A file described in XML may be cited as an example of 
a document having such a tree structure. An example of an 
XML file is shown in Fig. 3. 

In the shown example, the XML file contains 
information called "white space", that is, information 
about tab, line feed, etc. to represent indentation. Since 
XML permits the use of a white space in so far as the white 
space does not change a document structure, deletion of 
such information from this XML file does not affect its 
document structure per se. Fig. 4 shows the XML file with 
the white spaces being deleted, which is the same as the 
XML file shown in Fig. 3 in terms of a document structure. 
However, when these files in Figs. 3 and 4 are compared to 



each other simply as files, they are considered to be 
different . 
[0014] 

Conventionally, whether or not two XML files are 
equivalent in terms of a document structure has been judged 
by analyzing them by means of an XML Parser, generating the 
result of the analysis in the form of DOM objects and 
comparing the thus generated DOM objects to see if they are 
equivalent. On the other hand, according to the electronic 
signature method and apparatus of the present invention, 
the files in Figs. 3 and 4 have different signature codes 
representing a file although they have the same signature 
codes representing a document structure. Thus, by 
employing the present method and apparatus, it is possible 
to learn from the signature codes that these files are 
different in file contents and yet equivalent in terms of a 
document structure . 
[0015] 

Fig. 5 shows an example of a signature of the 
aforementioned file and document structure. It is assumed 
here that Fig. 5 shows a result obtained by enciphering 
each structure element to be mapped to seventeen-digit 
decimal numerals. Next, a signature is generated based on 
the enciphered information. Fig. 6 shows a format for 
concatenating signatures to one another. In Fig. 6, a file 
signature code is a cipher indicative of coincidence in 
terms of a file, and "OxFF" is a delimiter of elements. 
Further, a depth code is a numerical value indicative of 
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how much of a tree structure is ciphered to be contained in 
a signature. More specifically, when a depth code is 0, it 
signifies that ciphers to represent all the structural 
elements of a tree structure are included in a signature. 
A node signature code is a code of each element. By adding 
the thus constructed signature to the file as a structure 
element of the document, a document with an electronic 
signature shown in Fig. 7 is obtained. In the example 
shown in Fig. 7, a signature node, i . e . <Signature> ... 
</Signature> is added, and a symbol ,, + " is used to 
concatenate character strings for the sake of clarity of a 
construction of a signature, and the thus concatenated 
character strings constitute a signature. 
[0016] 

The electronic signature apparatus according to the 
present invention may be built on a computer system 86 
which comprises a CPU 81, a storage device 82, a file 
system 83, a display device 84 and an input device 85, as 
illustrated in Fig. 8. In the file system 83, documents 
having electric signature as their data are stored/managed. 
Since the location of each document is not relevant to the 
substance of the present invention, data may be placed in a 
database. 
[0017] 

In the system configuration as illustrated above, the 
electronic signature method and apparatus according to the 
present invention can treat a file stored in the file 
system 83 as a document having a structure and verify 
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whether an unauthorized modification has been made to the 
file and which portion of the structure has been modified 
if it transpires that there has been an unauthorized 
modification . 
[0018] 

As a specific example of the aforementioned 
verification, reference is now made to an application 
example where an unauthorized operation of a system is 
prevented by verifying which portion of a file has been 
modified. 

According to the application example, a tool for 
automatically generating a configuration for accessing a 
database system generates a file containing an electronic 
signature, whereby a user is notified of an unauthorized 
modification on the file and the location of the 
unauthorized modification before access to the database 
system. 

[0019] 

Conventionally, a configuration file, which is 
automatically generated by a tool for automatically 
generating a configuration for accessing a database system, 
does not support a modification made to a file by means of 
a method other than the tool. Usually, information 
indicative of whether or not a modification has been made 
to a file by a method other than the tool is not attached 
to a file. Besides, even if a conventional electronic 
signature is attached to such a configuration file, it can 
only show that a file has been modified and which portion 
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of the file has been modified cannot be identified. Still 
further, as a conventional electronic signature can only 
verify that a file has been modified, even if the 
modification does not disadvantageously affect an operation 
in the light of structural information, it is still 
indicated by the signature that the modification has been 
unauthorized. Thus, processing performed by a conventional 
electronic signature is not adequate or thorough* 
[0020] 

Fig. 9 illustrates a system configuration of the 
above-described application example. Since the system 
illustrated in Fig. 9 comprises the system shown in Fig. 8 
and database system 91, like numerals denote like 
components in Figs. 8 and 9. In order to connect the 
database system 91, an appropriate configuration must be 
provided. The system in Fig. 9 is provided with a tool 
(Conf igGenTool) 92 for automatically generating such a 
configuration by interacting with a user. The tool 92 
requests a user to enter information necessary for 
accessing the database system and generates a configuration 
file on the basis of the thus input information. More 
specifically, the tool 92 verifies that the computer system 
can access the database system 91 by the configuration and 
generates a configuration file (Conf ig.xml) 93. At the 
time of generation of the configuration file 93, a user can 
indicate whether or not to add an electronic signature of 
the present invention to the configuration file 93 and also 
choose a depth code of the electronic signature which 
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affects how extensively and strictly a structure of the 
file is to be covered by the electronic signature. Fig. 10 
shows an example of the configuration file 93 to which an 
electronic signature is attached. In the example shown in 
Fig. 10, a signature of each structural element of a file 
and a signature of the file per se are both represented in 
seventeen-digit hexadecimal numbers. 
[0021] 

The thus generated configuration file 93 is 
referenced by a database system access module (DBAccessor) 
94, which is activated when the computer system actually 
accesses the database system 91. In this event, when an 
electronic signature is included in the configuration file 
93, the module 94 verifies its authenticity before it 
accesses the database system 91. When the configuration 
file 93 has been modified as shown in Fig. 11, the 
module 94 performs normal database access processing 
because the file of Fig. 11 coincides with the original 
file of Fig. 10 in terms of a structure, though the file of 
Fig. 11 is considered to be unauthorized in terms of a file 
coincidence. In other words, since the modification of the 
file in Fig. 10 to the file in Fig. 11 constitutes mere 
deletion of tabs and line feed codes, which are white 
spaces according to the XML specification, the files in 
Figs. 10 and 11 are equivalent in terms of XML . 
[0022] 

On the other hand, when the configuration file 93 has 
been modified as indicated by the underline in Fig. 12, the 
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module 94 can identify the modified portion and notify a 
user by displaying a message "The designated provider is 
not authorized", before starting access processing. Thus, 
by using an electronic signature of the present invention 
in a configuration file for accessing a database system, a 
portion that has become unauthorized as a result of 
modification can be specifically indicated, whereby an 
unauthorized access can be avoided. 
[0023] 

Further, the use of the electronic signature 
method and apparatus of the present invention enables 
determination as to whether each of structural elements of 
an electronic file containing a document having the above- 
described structure coincides with that of the original 
electronic file, whereby a coincidence rate or non- 
coincidence rate with respect to an entire structure as 
opposed to each structural element can be calculated and 
the system can be controlled with reference to the thus 
calculated rate. 
[0024] 

[Effect of the Invention] 

As appreciated from the foregoing, according to the 
present electronic signature method and apparatus, 
electronic signatures can be extracted and compared, so 
that it becomes possible to verify equivalence between 
electronic files containing a document having a structure 
such as file equivalence and document structure equivalence 
and also find a coincidence rate between files. 
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[Brief Description of the Drawings] 

[Fig. 1] A conceptual diagram illustrating an 

electronic signature apparatus and the flow of process 
performed thereby. 

[Fig. 2] A diagram illustrating a tree structure of a 

document . 

[Fig. 3] A diagram showing an example of a structure 

of an XML file. 

[Fig. 4] A diagram showing an example of a structure 

of a file which is equivalent to the structure of file 
shown in Fig. 3 in terms of XML although they are different 
files . 

[Fig. 5] A diagram showing a document and a cipher 

corresponding to each structural element of the document. 

[Fig. 6] A diagram showing an example of a format for 

concatenating electronic signatures . 

[Fig. 7] A diagram showing an XML file to which an 

electronic signature is attached. 

[Fig. 8] A block diagram illustrating an example of a 

configuration of a system in which the present invention is 
reduced to practice. 

[Fig. 9] A block diagram illustrating an example of a 

system configuration of an application example of the 
present invention . 

[Fig. 10] A diagram showing an example of a 

configuration. xml file to which an electronic signature is 
added . 

[Fig. 11] A diagram showing an example of modification 
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to a configuration. xml file. 

[Fig. 12] A diagram showing another example of 

modification to a configuration. xml file. 

[Explanation of Reference Marks] 
11: Electronic Signature Generator 
12: Electronic Signature Analyzer 
13: Target Document 
14, 18: Parser Unit 
15: Cipher Generator Unit 
16: Signature Generator Unit 
17: Electronic File with Signature 
19: Signature Analyzer Unit 
20: Processing Request 
21: File Verification 
22: Structure Verification 
23: Coincidence Rate 
81: CPU 

82: Storage Device 
83: File System 
84: Display Device 
85: Input Device 
86: Computer System 
91: Database System 
92: Conf igGenTool 
93: Conf ig. xml 
94: DBAccessor 
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[ Name of Document ] Drawings 
* [Fig. 1] 



Target Document 13 



Electronic Signature G enerator 11 



Parser 14 



Cipher Generator 15 



Signature Generator 16 



Electronic File with Signature 17 



Electronic Signature Analyzer 12 



Parser 18 



Signature Analyzer 19 



File Verification 21 




Proseccing 
Request 20 



Structure Verification 22 



[ Fig. 2 ] 



Document 




Section 1 Section 2 



[ Fig. 3 ] 



<? xml version="LO" encoding="utf-8" ?> 
<Document> 

<Chapter 1> 

<Sectioh l>...</Section 1> 
<Section 2>...</Section 2> 
</Chapter 1> 
<Chapter 2> 

<Section l>...</Section 1> 
<Section 2>...</Section 2> 
<Section 3>...</Section 3> 
</Chapter 2> 
</Docuraent> 



[Fig. 4] 



<? xml version="1.0" encoding="utf-8 M ?> 

<Document><Chapter l><Sect.l>...</Sect.l><Sect.2>...</Sect.2></Chapter 1> 
<Chapter 2><Sect.l>...</Sect.l><Sect.2>...</Sect.2><Sect.3>...</Sect.3></Chapter 2> 
</Document> 
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<? xml version="1.0" encoding="utf-8" ?> 




<Document> 






~- * 01424442344553994 


<Sect.l>...</Sect.l> 


— > 10458043242424234 i 


<Sect.2>...</Sect.2> 


~- > 15357989849284423 


</Chapter 1> 






— } 01643544098078423 


<Sect.l>...</Sect.l> 


— > 10572839792742349 


<Sect.2>. . .</Sect.2> 


~- } 17932032304804822 


<Sect.3>...</Sect.3> 


~- } 15239759890098203 


</Chapter 2> 




</Document> 





[ Fig. 6 ] 



File Signature Code 


OxFF 


Depth Code 


OxFF 


Node Signature Code (1) 


OxFF 


Node Signature Code (2) 



[ Fig. 7 ] 



<? xml version^ 1.0" encodmg="utf-8" ?> 
<Document> ' 

<Chapter 1> 

<Sect.l>...</Sect.l> 

<Sect.2>...</Sect.2> 
</Chapter 1> 
<Chapter 2> 

<Sect.l>...</Sect.l> 

<Sect.2>...</Sect.2> 

<Sect.3>...</Sect.3> 
</Chapter 2> 

<Signature>3 1233123 1 25443242+0xFF+ 0x00+0 1 42444234455 3 99 4 
+OxFF+10458043242424234+OxFF+15357989849284423+OxFF+016435440 
98078423+OxFF+10572839792742349+OxFF+17932032304804822+OxFF+l 
5239759890098203</Signature> 
</Document> 



[ Fig. 8 ] 



Computer System 86 



CPU 81 



Storage Device 82 



File System 83 



Display Device 84 



Input Device 85 



[Fig. 9] 



Computer System 86 



CPU 81 



Storage Device82 



File System 83 



T 



Display Device 84 



Input Device 85 



DBAccessor 94 



ConfigGenTool 92 



Config.xml 93 



Database System 91 



[Fig. 10] 

<?xml version="1. 0" encoding="utf-8"?> 

<0LEDBSetting> 

<Provider>SQLOLEDB. K/Provider> 

<lntegratedSecuri ty>SSPI</lntegratedSecur ity> 

<Pers i s tSecur i ty I nf o>Fa I se</Pers i s tSecur i ty I nf o> 

<lni t ialCatalog>Northwind</lni tialCatalog) 

<Da t a Sou r c e>DARKS TAR</Da t a Sou r ce> 

<UseProcedurefprPrepare>1</UseProcedureforPrepare> 

<AutoTranslate>True</AutoTranslate> 

<PacketSize>4096</PacketSize> 

Workstation I D>DARKSTAR</Wo r k s tat i on I D> 

<Signature>032423afb432ef432ff00ff153453adb432e532ff 

f1443f0988fe080809ff153452f4b2ed42304ff1543409888d8eba34ff10 

98043242a988edbff1143298ef0a0b0cd0ff18aaadbc443298753ff 15432 

42d90O9e7bc3ff125438aOfOd0e0083</Signature> 

</OLEDBSetting> 



[Fig. 11] 



<?xml version="1. 0" encoding="utf-8"?> 

<0LEDBSet t i ngXProv i de r>SQL0LEDB. K/Prov i de r>< IntegratedSecu 

rity>SSPI</lntegratedSecurityXPersist$ecuritylnfo>False</Pe 

rsistSecur i ty InfoXIni t i a I Ca t a I og>Nor t hw i nd</ 1 n i t i a I Ca t a I og> 

<DataSource>DARKSTAR</DataSourceXUseProcedureforPrepare>1</ 

UseProcedureforPrepareXAutoTranslate>True</AutoTranslateXP 

acketSi ze>4096</PacketSi zeXWorkstat ion I D>DARKSTAR</Wo r ks t a t 

ionlDXSignature>032423afb432ef432ff00ff153453adb432e532fff1 

443f0988fe080809ff153452f4b2ed42304ff1543409888d8eba34ff1098 

043242a988edbff1143298ef0a0b0cd0ff18aaadbc443298753ff 1543242 

d9009e7bc3ff125438aOfOdOe0083</Signa'ture> 

</OLEDBSetting> 



[Fig. 12] 

<?xml version="1. 0" encoding="utf-8"?> 

<OLEDBSetting> 

<Provider> Microsoft. Jet. OLEDB. 4. 0 </Provider> 

<lntegratedSecuri ty>SSPK/lntegratedSecuri ty> 

<PersistSecur itylnfo>False</PersistSecuri ty lnfo> 

<lni t ialCatalog>Northwind</lni t iaICatalog) 

<Da t aSou r c e>DARKSTAR</Da t aSou r ce> 

<UseProcedureforPrepare>1</UseProcedureforPrepare> 

<AutoTranslate>True</AutoTranslate> 

<PacketS i ze>4096</PacketS i ze> 

<Wo r k s t a t i on I D>DARKSTAR</Wo r ks t a t i on I D> 

<Signature>O32423afb432ef432ff00ff153453adb432e532ff 

f1443f0988fe080809ff153452f4b2ed42304ff1543409888d8eba34ff10 

98043242a988edbff1143298ef0a0b0cd0ff18aaadbc443298753ff 15432 

42d9009e7bc3ff125438aOfOdOe0083</Signature> 

</0LEDBSetting> 



[Name of Document] Abstract 
[Abstract ] 
[Object] 

An electronic signature technology for attaching an 
electronic signature to an electronic file containing a 
document having a structure is provided, wherein a level of 
electronic file equivalence, a level of document structure 
equivalence and a level of document structure partial 
equivalence can be set and evaluated. 
[Means for Solving the Object] 

A target document is analyzed to generate a 
representation having a structure. Next, a signature is 
generated from each of the generated structural elements, 
and the generated signatures (ciphers) are concatenated 
into a single signature corresponding to the structure. 
Also, the electronic file having the generated electronic 
signature is verified to find from the contents of the 
signatures, at least (1) electronic file equivalence; (2) 
document structure equivalence; and (3) a coincidence rate, 
depending on a processing request. 
[Selected Drawing] Fig. 1 



